AMENDMENTS TO THE CLAIMS: 

This listing of claims will replace all prior versions, and listings, of claims in the application: 
LISTING OF CLAIMS: 

1. (Currently Amended) A method for analyzing software code comprising the steps of: 

a) automatically generating program graphs representing runtime characteristics of said 
code utilizing static analysis techniques, said runtime characteristics including at least adding 
one or more edges that represent an invocation of a thread.run() which results from a call to 
thread.start(), said runtime characteristics further including at least removing edges from 
thread. start() to thread. run() when determining which interprocedural nodes are in a thread of 
execution, said runtime characteristics further including at least adding one or more edges from 
within an intraprocedural analysis to class constructor based on a rule that specifies when a class 
constructor must execute; 

b) automatically applying a set of rules to said program graphs, including at least 
performing a reachability analysis for at least removing one or more edges to reduce reachability! 
said set of rules including at least tests for "never call X", "never call X from Y" and "never call 
X when synchronized", said X and Y re presentin g method signatures : 

c) automatically identifying potential software problems from rules set analysis results; 

and, 

d) reporting said software problems where one or more of best practices violations and 
coding errors may occur. 

2. (Previously Presented) The method according to Claim 1 , wherein said rules set represents one 
or more selected from group comprising: use of best practices and common coding errors, or 
combinations thereof 
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3. (Previously Presented) The method according to Claim 1, wherein said reporting d) includes 
presenting results in the context of corresponding source code or object code. 

4. (Original) The method according to Claim 1, wherein step b) includes performing rule 
searches applied to said program graphs. 

5. (Previously Presented) The method according to Claim 1 , wherein said software code subject 
to said static analysis techniques comprises one or more selected from group comprising: object 
code, source code, a compiler intermediate representation, of said software code, and other 
program representations, or combinations thereof. 

6. (Original) The method according to Claim 3, wherein a program graph includes a control 
analysis graph, said static analysis technique automatically generating said control analysis 
graphs from said software code. 

7. (Original) The method according to Claim 3, wherein a program graph includes a data flow 
analysis graph, said static analysis technique automatically generating said data flow analysis 
graph from said software code. 

8. (Original) The method according to Claim 3, wherein a program graph includes an 
intraprocedural control graph, said static analysis technique automatically generating said 
intraprocedural control graphs from said software code. 

9. (Original) The method according to Claim 3, wherein a program graph includes an 
interprocedural control graphs, said static analysis technique includes automatically generating 
said interprocedural control graphs from said software code. 
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1 0. (Original) The method according to Claim 5 wherein said static code analysis further 
includes automatically identifying classes, fields, methods and class attributes, said set of rules 
being further applied to said classes and class attributes. 

1 1 . (Original) The method according to Claim 5 wherein said static code analysis further 
includes automatically identifying attributes of classes, methods, fields, and aspects of a 
program's body. 

12. (Original) The method according to Claim 5, wherein said step b) further includes the step of: 
receiving said program graphs and class attributes information and performing a graph rewriting 
technique. 

13. (Original) The method according to Claim 12, wherein a result of applying graph rewriting 
includes generating a run-time characteristics model for said program. 

14. (Original) The method according to Claim 12, wherein said step b) further includes the step 
of receiving said program graphs and attributes information, and performing a reachability 
analysis. 

15. (Original) The method according to Claim 14, wherein said reachability analysis is 
performed with or without constraints. 

16. (Previously Presented) The method according to Claim 14, further comprising the step of 
employing a rule search engine to automatically apply a set of rules to said rewrite graph results, 
reachability analysis results and attributes to identify one or more selected from group of: 
possible performance errors or problems concerning correctness, security, privacy and 
maintainability of said software code. 
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17. (Previously Presented) The method according to Claim 14, wherein said rewrite graph 
technique includes traversing a program graph to locate nodes containing attributes of interest and 
to locate edges to add or remove from said program graph. 

18. (Original) The method according to Claim 17 f wherein said reachability analysis includes 
traversing the program graphs and adding or removing edges to extend or reduce reachability, 
respectively. 

19. (Original) The method according to Claim 18, wherein a rule is applied to determine whether 
a node representing a particular method is reachable by traversing said graph from a particular 
head node, said head node being user selectable. 

20. (Currently Amended) A static analysis framework for analyzing software code, said 
framework comprising: 

means for automatically generating program graphs representing runtime 
characteristics of software code, said runtime characteristics including at least adding one or more 
edges that represent an invocation of a thread.run() which results from a call to thread, startfj, said 
runtime characteristics further including at least removing one or more edges from thread. start() 
to fhread.run() when determining which interprocedural nodes are in a thread of execution, said 
runtime characteristics further including at least adding one or more edges from within an 
intraprocedural analysis to a class constructor based on a rule that specifies when the class 
constructor must execute and further including at least performing a reachability analysis for at 
least removing one or more edges to reduce reachability; 

rule search engine for automatically applying a set of rules to said program graphs^ 
said set of rules including at least tests for "never call X", "never call X from Y" and "never call 
X when synchronized", said X and Y representing method signatures ; 

means for automatically identifying potential software problems from rules set 
analysis results; and, 
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means for reporting said problems to enable correction of instances where one or more 
of best practices violations and common coding errors may occur. 

21 . (Previously Presented) The static analysis framework as claimed in Claim 20, wherein said 
rules set represents one or more selected from group comprising: use of best practices and 
common coding errors, or combinations thereof. 

22. (Original) The static analysis framework as claimed in Claim 20, wherein said software code 
comprises scalable componentized applications according to a software development platform. 

23. (Previously Presented) The static analysis framework as claimed in Claim 20, wherein said 
program graphs include one or more selected from group comprising: a control analysis graph, a 
data flow analysis graph, an intraprocedural control flow graph and an interprocedural control 
flow graph, said static analysis technique automatically generating a respective one of said 
control analysis graph, data flow analysis graph, intraprocedural control flow graph and 
interprocedural control flow graph from said software code. 

24. (Original) The static analysis framework as claimed in Claim 23, further including means for 
automatically identifying classes, fields, methods and class attributes, said set of rules being 
further applied to said classes and class attributes. 

25. (Original) The static analysis framework as claimed in Claim 23, wherein said static code 
analysis further includes automatically identifying attributes of classes, methods, fields, and 
aspects of a program's body. 

26. (Original) The static analysis framework as claimed in Claim 20, wherein said means for 
automatically generating program graphs includes means for performing graph rewriting. 



Page 6 of 10 

I:\IBM\105\16O88\AMEND\16088.am6.doc 



27. (Original) The static analysis framework as claimed in Claim 26, wherein results of said 
graph rewriting include a run-time characteristics model for said program. 

28. (Original) The static analysis framework as claimed in Claim 26, wherein said means for 
automatically generating program graphs includes: means for performing a reachability analysis, 
said reachability analysis being performed with or without constraints. 

29. (Original) The static analysis framework as claimed in Claim 28, wherein said rule search 
engine automatically applies a set of rules to said rewrite graph results, reachability analysis 
results and attributes to identify one or more of: possible performance errors or problems 
concerning correctness, security and privacy of said software code. 

30. (Currently Amended) A computer program device readable by a machine, tangibly 
embodying a program of instructions executable by a machine to perform method steps for 
analyzing software code, said method steps comprising: 

a) automatically generating program graphs representing runtime characteristics of 
said code utilizing static analysis techniques, said runtime characteristics including at least adding 
one or more edges that represent an invocation of a thread.run() which results from a call to 
thread.start(), said runtime characteristics further including at least removing one or more edges 
from thread.start() to thread.run() when determining which interprocedural nodes are in a thread 
of execution, said runtime characteristics further including at least adding one or more edges from 
within an intraprocedural analysis to a class constructor based on a rule that specifies when the 
class constructor must execute, and further including at least performing a reachability analysis 
for at least removing one or more edges to reduce reachability; 

b) automatically applying a set of rules to said program graphs , said set of rules 
including at least tests for "never call X". "never call X from Y" and "never call X when 
synchronized", said X and Y representing method signatures ; 

c) automatically identifying potential software problems from rules set analysis 
results; and, 
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d) reporting said software problems to enable correction of instances where one or 
more of best practices violations and common coding errors may occur. 
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